Our client is InSearch for a Splunk SOAR Subject Matter Expert (SME) with Splunk Enterprise Security (ES) experience to support a mission-critical DoD cybersecurity program. You’ll lead development of cyber-focused SOAR playbooks, support ES tuning and configuration, and help mature detection and response use cases across a secure enterprise environment. This is a 9-month remote contract opportunity with a potential extension.
Compensation: $70-$95 per hour, based on experience
Responsibilities
SOAR Engineering & Playbook Development
- Design, build, test, and deploy Splunk SOAR playbooks focused on real-world cyber incidents (triage, enrichment, containment, and response).
- Integrate SOAR with common security tools (SIEM, EDR, ticketing, email, threat intel feeds, IAM, etc.) to automate workflows.
- Maintain and optimize playbooks for reliability, speed, and auditability.
Splunk Enterprise Security (ES) Operations
- Perform ES tuning, configuration, and ongoing health/performance optimization.
- Manage and refine assets and identities to improve detection fidelity and correlation accuracy.
- Develop and maintain use cases, correlation searches, and content aligned with DoD mission requirements and threat priorities.
Operational Support & Collaboration
- Partner with SOC analysts, incident responders, and engineering teams to operationalize automation and improve response outcomes.
- Support troubleshooting, root-cause analysis, and continuous improvement of SOAR/ES content.
- Produce documentation (playbooks, runbooks, SOPs) and contribute to knowledge transfer.
Required Qualifications
- Active TS/SCI clearance (required to start)
- Strong hands-on experience as a Splunk SOAR SME and Splunk ES practitioner
- Proven experience building and implementing security-focused SOAR playbooks in production
- Demonstrated experience with ES tuning, configuration, assets/identities, and use case development
- Ability to work independently in a remote environment while collaborating with distributed stakeholders
Required Certifications
- Splunk Core Consultant
- Splunk SOAR Playbook Developer
- Splunk SOAR Administrator
- Splunk ES Administrator — must be obtained within 6–12 months of onboarding
Apply
Please submit your resume to dan@insearch-it.com.
InSearch. We Search. You succeed.

